Release Date: 2011-04-29
Criticality level: Highly critical
Software:
Mozilla Firefox 4.0.x
Description:
Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.
1) Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code.
2) An error in the WebGLES library when loading a shader can be exploited to cause a buffer overflow and execute arbitrary code.
3) An off-by-three error in libGLESv2 can be exploited to corrupt memory and execute arbitrary code.
NOTE: Additionally, a weakness exists within the "generate-id()" XPath function (libxslt), which can be exploited to disclose certain addresses from the heap.
The vulnerabilities are reported in versions prior to 4.0.1.
Solution:
Update to version 4.0.1.
References:
Secunia:
http://secunia.com/advisories/44406/